12 December 2014

Here is a script I have written that will replicate the permissions between two folders including all subfolders and file permissions. Execute the script and you will be prompted for the source and destination folders. It will first parse through and set folder permissions, followed by parsing through file permissions.

11 December 2014

Recently, we upgraded our print servers and needed to reinstall all of the printers. This script will uninstall all printers. I deployed this script out and had it run as the user and a GPO reinstalled the printer with the new network location.

08 December 2014

This module is designed to make automating the installation of software a breeze. It also provides logging that makes it easy to check and see if there were errors during an installation. The logging has been designed so that there is an installation log file that records all steps in the installation, an application log file that the installer creates, and finally a build.log file that records if the application was successfully installed. The build.log file provides a go-to location for checking to see if all applications are installed while generating a golden image. It sequentially numbers each application, which makes it a snap to go and check if all apps are there.

The application log will give a step-by-step logging of the installation as shown below:

In order to properly install the module, it is suggested that you create the following folder: %programfiles%\windowspowershell\modules\Deployment. Next, copy the .PSD1 and PSM1 files to that folder. That is all that is needed to install the module.

The next step to using the module is to use the template I created called install.ps1. The global variables are in an array called $GlobalVariables. The function InitializeVariables is where you go in and make the appropriate modifications to the $Global:LogFile, $Global:Phase, $Global:Sequence, and $Global:Title. The Sequence is populated only if this is an installation that occurs during an image process. If it is an image process, change Phase to Software Deployment.

Once the InitializationVariables is populated, you will insert the appropriate functions in the field that reads #<Insert Functions to install/uninstall applications>. That is all there is to this. I have been testing this out for a few months and it has made my life as an SCCM administrator much easier. I hope it does the same for you.

03 October 2014

The firm I work for does a weekly reboot. As we revamped our SCCM and AD, it was time to revisit the reboot process. I decided to use PowerShell in conjunction with SCCM to handle this process. To make the process easier to maintain and verify, I split it into two parts. There is the reboot script and the verification script. The reboot script creates an empty log file called NotRebooted.log and reboots the PC. It also deletes any file that is from the previous successful reboot. The verification script looks for the NotRebooted.log file and renames it to Rebooted--02-Oct-2014.log for instance. The filename tells that it was rebooted and the date it happened. This provides for an easy verification without having to search through the event viewer logs. To set this up in SCCM, I created two deployments, Reboot and RebootVerify. I set up RebootVerify to run Reboot first. Of course the Reboot is also set to look for a reboot by the program and not SCCM. That is all there is to doing this. IMO, this makes it much easier to track reboots, at least it has here where I work.
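The two-script marker scheme described above, as an added example that is not the author's code. The `$LogDir` path and both function names are assumptions, and the comparison against the last boot time goes beyond the post: it keeps the marker from being renamed when the machine never actually restarted.

```powershell
# Added example. $LogDir is an assumed location; the post does not say where the logs live.
$LogDir = 'C:\Windows\Logs\WeeklyReboot'
$Marker = Join-Path $LogDir 'NotRebooted.log'

# Reboot script: drop the marker, clear last week's result, restart.
function Start-TrackedReboot {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    # Remove the file left by the previous successful reboot.
    Remove-Item -Path (Join-Path $LogDir 'Rebooted--*.log') -ErrorAction SilentlyContinue
    # Empty marker; its LastWriteTime records when the reboot was requested.
    New-Item -ItemType File -Path $Marker -Force | Out-Null

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Restart')) {
        Restart-Computer -Force
    }
}

# Verification script: rename the marker only if the OS booted after it was written.
function Confirm-TrackedReboot {
    if (-not (Test-Path -LiteralPath $Marker)) {
        return 'NoMarker'          # the reboot script never ran on this machine
    }
    $requested = (Get-Item -LiteralPath $Marker).LastWriteTime
    $lastBoot  = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
    if ($lastBoot -le $requested) {
        return 'NotRebooted'       # marker is newer than the last boot: leave it in place
    }
    # Same naming pattern as the post, e.g. Rebooted--02-Oct-2014.log
    $stamp = $lastBoot.ToString('dd-MMM-yyyy', [cultureinfo]::InvariantCulture)
    $name  = "Rebooted--$stamp.log"
    Rename-Item -LiteralPath $Marker -NewName $name
    return $name
}

# Usage: call Start-TrackedReboot from the Reboot program and
# Confirm-TrackedReboot from the RebootVerify program.
```

A machine that still has NotRebooted.log after the RebootVerify deployment is one to look at.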

22 August 2014

After much research and troubleshooting, here is how to enable BitLocker on a Dell system, including clearing the TPM. The documentation by Dell, Trusted Computing Group, and advice from this thread and this one say that it must be done with physical presence through the BIOS screen. There is a way to do this without having to go through the BIOS. Dell has added three additional settings in the BIOS, tpmppiacpi, tpmppipo, and tpmppidpo. If you enable all three of these settings, then you can clear the TPM ownership without having to physically go into the BIOS. There is a catch. When you clear the TPM, you will be prompted with the screenshot below if you want to accept clearing the TPM when the machine reboots. Once you hit F12, the system will continue. I didn't actually find this to be an issue because the BitLocker process is next to the last process in the build, so once a technician hits F12, it is only a couple more minutes before the build process is complete. Here is a screenshot of what appears:

In the script that I wrote to clear the TPM, I discovered that it only requires one command to clear it. This documentation from Microsoft's developers center has the list of values for SetPhysicalPresenceRequest and what each value does. Unlike what others were posting, I found that I only needed to use value 5, which is clear TPM.
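A sketch of that single request with the checks a build engineer would want around it, as an added example and not the author's script. The function name and the `-Force` switch are assumptions. It assumes an elevated session and the three Dell BIOS settings named above already enabled, and it refuses by default when BitLocker protection is already on for the system drive, because clearing the TPM invalidates the TPM key protector.

```powershell
# Added example, not the author's script. Run elevated.
function Request-TpmClear {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([switch]$Force)   # hypothetical switch: proceed even if BitLocker is on

    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm
    if (-not $tpm) { throw 'No TPM is exposed to Windows on this machine.' }

    # Guard: a TPM clear on a protected volume forces BitLocker recovery at next boot.
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$($env:SystemDrive)'" `
        -ErrorAction SilentlyContinue
    if ($vol -and $vol.GetProtectionStatus().ProtectionStatus -eq 1 -and -not $Force) {
        throw "BitLocker protection is ON for $($env:SystemDrive); suspend or decrypt first."
    }

    # Record the state before the request so the build log shows what was changed.
    $before = New-Object psobject -Property @{
        Enabled   = $tpm.IsEnabled().IsEnabled
        Activated = $tpm.IsActivated().IsActivated
        Owned     = $tpm.IsOwned().IsOwned
    }

    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Queue TPM clear (request 5)')) {
        return
    }

    # Value 5 is the "clear TPM" request the post refers to.
    $result = $tpm.SetPhysicalPresenceRequest(5)
    if ($result.ReturnValue -ne 0) {
        throw ('SetPhysicalPresenceRequest failed: 0x{0:X8}' -f $result.ReturnValue)
    }

    # Ask the firmware what the machine must do for the request to be processed.
    $transition = switch ($tpm.GetPhysicalPresenceTransition().Transition) {
        0       { 'None' }
        1       { 'Shutdown' }
        2       { 'Restart' }
        default { 'VendorSpecific' }
    }

    New-Object psobject -Property @{
        Before     = $before
        Request    = 5
        Transition = $transition   # the F12 prompt appears during this boot
    }
}

# Usage: Request-TpmClear -WhatIf        (dry run)
#        Request-TpmClear -Confirm:$false (unattended build step)
```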

Now to the actual process. I have created a PowerShell script for each step in the process with the script sequentially numbered so you know the process to execute them. Here is the process of enabling TPM, including clearing ownership with a hyperlink to each script in the process:

21 August 2014

This error message was caused, at least in my situation, by the addition of Internet Explorer 11 into the build. It was not integrated, but installed in the golden image as an application. When applying the golden image, the above mentioned error occurred. Luckily, this thread came up with the resolution to comment out <IEWelcomeMsg>false</IEWelcomeMsg> located in the unattend.xml file in the %deployroot%\control\<ImageName> folder. Once I did that, the issue was resolved. You can comment it out by changing the line as follows:

<IEWelcomeMsg>false</IEWelcomeMsg>

TO

<!-- <IEWelcomeMsg>false</IEWelcomeMsg> -->

18 August 2014

Sometimes when you use USMT, it fails for one reason or another. This script is here to transfer user files from one profile to another. It was written so that in the event USMT fails, there is still a means to automate the transfer of user data.

The first step is to log in as the end user, or have them log in, on the new machine. They can log right back out. This is to create the user profile on the new PC. Once the user has done this, you can now proceed with running the script. It uses robocopy to move the files over. I have also incorporated using PSEXEC to initiate the robocopy command so that the data goes directly from the source to the destination, with no intermediary to slow down the transfer, especially if you are transferring data in a remote office.

One more feature I have included in the script is the capability of transferring data from an old, renamed profile to a newly created profile on the same machine.

Before you run this script, you will need to install PSEXEC at some network location for the script to use and also go through and select what you want excluded in the transfer. I have also made the transfer create a log file, which will also need to be customized to your environment.

13 August 2014

Automating the removal of Outlook data files is a tedious process that is difficult to automate. The registry key is a data hash that is unique on each system. Here is a script I wrote that will do just that. This script will remove the data file from Outlook when run under the end-user's credentials. The script parses through the HKU and removes the registry entry for that key. The complete description is in the code below and you can download it from here.

05 August 2014

I know there have been a lot of blogs out here showing how to move a computer to an OU, but I have taken a different approach. This is a good process for a small to mid-size company that doesn't have a lot of OUs to move machines to during a build. If it is a company the size of HCA, Dell, GM, etc, this isn't a good process because they likely have hundreds of OUs and you would be creating hundreds of PowerShell scripts. The way this process works is that the PowerShell script does not read anything from MDT or SCCM. It is executed, but does the move process on the system and not through MDT or SCCM.

The first thing to do is to get a drop-down window for the organization unit prompt under the join domain portion of the MDT setup process. Andrew provides two different ways of doing this. I ended up using the first one by applying the settings to the customsettings.ini file. When populating this field, it is going to be for informational purposes only. The field itself does not move a system to the new, selected OU.

The next thing to do is to create a separate PowerShell script for each OU you want to move a machine to. This is a really easy process. The script below is what I wrote and use. All you have to do is to change the $NewOU variable to whatever OU you desire.

This script does require that remote server administration toolkit is installed and the AD PowerShell feature is enabled. That is what the import-module activedirectory requires. If your security is set up correctly, users will not be able to see or do anything even if they go in and enable other features in RSAT. Listed below are the commands for enabling the AD PowerShell on the machines. This really comes in handy for other uses. I am currently deploying a huge upgrade package that requires users be moved to new OUs once the package is installed. RSAT has given me that capability.

The next step is to create the MDT or SCCM Applications. The way to do this is to go in and create an application for each OU to execute the PowerShell script associated with that OU. The catch is that the PowerShell script will not move the machine under the credentials of MDT because it uses the system account for installing applications and it will not have access to AD. To get around this, you will need to use psexec to run the PowerShell script as a different user. Here is the command line I use to execute the scripts from an MDT Application:

The final step is to put the applications into the task sequence. I created a folder and put an individual application task for each OU and associated the matching application with it. Here is an example:

You will need to filter each task sequence by creating a conditional statement in the options of the task sequence application. You will create a Task sequence variable, use MachineObjectOU, and associate with the matching OU in the customsettings.ini file. This will limit them to run only if the selected OU in the Windows Deployment Wizard matches.

That is everything you need to do to get this process to work.

25 July 2014

This error in my case was being caused because the MSI was being executed through SCCM. The MSI file had to be executed locally and not from a network source. It would install with no issues if you double-clicked on the MSI. It only happened when SCCM tried to install it. During my troubleshooting, I tried a few different alternatives:

I use a PowerShell script to install the package. I thought it could be causing the issue, so I created a new SCCM package that only executed the MSI with the following command line, but the error persisted: msiexec.exe /I iDocID_for_32bit_Office.msi /qb-

I created a GPO that installed the MSI

These options did not resolve the issue. I then decided that if the issue was because the MSI needs to execute locally, then why not use psexec? I created the following command line to incorporate into an SCCM program. It failed the first time I ran it. The second time was successful after I went back into the environment tab and ran it with user rights. Basically this executes the package on the local machine under the user profile of the logged on user but runs the installer with the SCCM admin account. This resolved my issue.

07 July 2014

Sometimes the screen resolution in a build does not set to the maximum. Resolution can be set with PowerShell, but the scripting requirements and complexity are too much, IMO. AutoIT offers an easy way to automate this process. I have written this script to do just that. There is documentation within the script. You will need to have the AutoIT compiler for this. Here is the link to download it.

27 June 2014

Installing the SCCM client takes a few minutes. This script was written so that it will wait for the ccmsetup.exe to complete. I have encountered issues with the setup not completing before the system reboots during a build process. That is the reason I wrote this script. There are verifications in this script and it does write a log file. If you don't want the logs, just remove those parts of the script. This script was originally written for SCCM 2007, but it will work on 2012 too. You can download it from here.

There are already scripts out there that will do this, but I have taken it a little further. I have added checking to make sure the application is installed first so that the script does not error out. I have also added on-screen display to show if it was successful or not. I originally started off of the answer here and then expanded. One weird thing I encountered while writing this was that it treated excel 2010 differently than all other shortcuts. That is why you will see the extra three lines of code specifically for excel. You can download the script from here.

29 May 2014

NOTE: This is an old script. I have a newer and more efficient one located here.

This script will enable WOL and test to make sure it has been set. It will return whether it was a success or failure both to a log file and the screen. This script was written to also be incorporated with my new build logging process that I am getting ready to release soon. If you do not want this, just delete the buildlog and sequence variables out, along with their use in the ProcessLogFile function.

22 May 2014

I have been a huge fan of PsExec ever since I became an SCCM Administrator. The problem with PsExec is that it transmits credentials in clear text. There is a great alternative to this and it is PAExec. It is freeware and can be redistributed. It has all of the same functionality as PsExec with a few additional minor features. You can get the software at PowerAdmin.

02 May 2014

This script will enable or disable Internet Explorer ActiveX components. All you have to do is pass the user friendly name of the component, component's GUID, and the flag. The app will verify if the change actually takes place and returns a success or failure status.

01 May 2014

This script will install the Dell CCTK and set specified BIOS settings. Unlike the CCTK that allows you to create a multiplatform file to run against any Dell model machine, this script takes a different approach so that there is a description, logging, and verification of each BIOS setting. This script will first install the CCTK that needs to be in the same directory as the script. It then executes the CCTKSetting function that allows for you to enter each desired setting. There are four variables passed into the function. The first is a description. The second is the actual name of the BIOS setting. The third is the desired value for the setting. Finally, the fourth is only for the bootorder setting. There has to be an additional value passed for this setting.

When executed, the script writes both to the screen and a log file the settings that were changed. Since this is a multiplatform, I have included a return message "unavailable" for those settings not present on the machine this was executed on.

NOTE: If you use this script in a build process and make changes to embsataraid, the OS will likely fail to load. This setting has to be changed before the OS is laid down.

10 April 2014

It is very easy to stop shortcuts from being installed during an MSI installation. The first thing you will need is ORCA or Super ORCA. These applications will allow you to open up and edit the contents of the MSI. Once you have the MSI opened up in either app, go to the shortcut table as shown in the pic below. Once there, right-click on each row and click drop-row. That is all there is to preventing shortcuts from being installed.

07 April 2014

In my experience, this error was caused by me manually editing the unattend.xml file associated with an imported operating system. Specifically, I had manually entered the UnattendedJoin credentials within the unattend.xml file. Apparently when you manually enter the credentials in there, and they are in plain text, this error will occur when you override those credentials in the customsettings.ini file. To fix this, either re-import the operating system image or make sure the plain text credentials match in both the customsettings.ini and the unattend.xml files.

06 March 2014

Here is a script I just wrote that will create an active setup registry key. It prompts you for the title, description, command line execution string, and version. It generates a unique GUID to name the registry key. It then generates the registry key file and places it in the same directory as the script was executed from.

All of us have posts that we want to clean up from the past. They may be posts that are now embarrassing, posts with exes that we want gone off of our profile, or maybe you are interviewing for a job that you know asks for your credentials and you want to make sure your profile looks good. Facebook does not allow the average user to be able to easily see posts from a long time ago. If you are a geek and know how to use Facebook's FQL, you can query all previous posts for specific keywords. There are a couple of options:

You can go into the general account setting and click on Download a copy of your Facebook data. This will download all of your facebook data divided up into separate files for each section of your profile, including all of your pictures and videos. Once you have the download, you can then open up the wall.htm file in Excel. It contains all of your wall posts from the beginning of your profile. In order to use this, you can search the spreadsheet for keywords. The results will have the exact date/time it was posted. You can then go to your Facebook profile and find that exact post by clicking on the year first, then the month, and finally scrolling through all posts in that month to find the specific post. You can then click on the drop-down and select Delete.

There is a Facebook app called Search My Posts. This app will allow you to enter keywords and will parse through your profile and find all posts with that keyword. For posts on your profile, this will allow you to click on the Link to Post to take you directly to the post. You can then click on the drop-down and select Delete. This app will also list posts you did on other people's profiles, but does not have a link to the post. You will have to note the date/time, go to the user's profile, and then click on the year/month to parse through all posts for that month until you find your post. At that point, you can delete your post. The same goes for posts you made in groups.

As for recommendations, this solution pertains to both of the above posts. You cannot remove a recommendation from Facebook. You must go to the web page that you clicked on the Facebook recommendation. The way to do this is to click on the link to the Facebook post, if you are using option 2, or go to the date it was posted for option 1, and then click on the link in the Facebook post to take you to the page that was recommended. It is there that you can now click on the Facebook recommend again to remove the recommendation. Once you remove the recommendation, the post disappears off of Facebook.

As far as Facebook messages goes, Facebook has archived the messages in the past, meaning they were not deleted. When you go into your messages box, there is an archive box that you can click on. It is there that you will find all of the messages from the past that were archived. They can now be deleted. You first click on the message. Next, you click on actions and click Delete Conversation. That will permanently delete the message from your Facebook profile.

For your pictures and videos, I suggest using the first option, or manually parsing through them on your profile.

Keeping your Facebook profile safe and out of trouble in civil court, criminal court, work, and home life is wise. I would leave out alcohol, guns, sex, violence, and topics of controversy off of Facebook. These topics can cause you to lose your job, lose your family, be sued, or incriminate you in a criminal court system. If you have any of these topics on Facebook, I suggest cleaning them off. I am not a criminal/civil/psychology expert, but common sense will tell you these things, especially in today's digital world. Information is magnified and misconstrued by many because the reader injects their own emotion into the text, not yours, thereby possibly leading to ramifications.